Password Help

Rod
Good topic, Steve, and a tough one. I just don't see a clean, easy solution, although I do appreciate your listing those 2 password managers (I've never heard of either). Each solution I see has problems. I could put all my accounts and passwords onto my phone; but what if my phone gets stolen? I could use one of these 2 password managers; but what if the program or its database gets corrupted, my hard drive fails, etc.? My wife said that paper day planners have a section for this very purpose; but what if that gets stolen? I could write everything down in a small notebook; but what if I lose that? I'll be interested to see how this conversation plays out.

Rod

lwheeler
Use KeePass with its stored database on a service such as Dropbox. That way it will be available from any PC.

GSquared
lwheeler (6/28/2012)
Use KeePass with its stored database on a service such as Dropbox. That way it will be available from any PC.


So long as you can access Dropbox (or whatever online storage you use) from any pc, that works. But, of course, you need to have your Dropbox password, and KeePass password, memorized, changed frequently (or with high enough entropy to not require that), and so on.

- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread

"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon

Kelly Schlueter
I use KeePass and encourage its use to anyone I help out who runs into password troubles.

In terms of portability, there are versions for almost every platform out there, including phones. So if you can't use a flash drive, have it on your phone. Yes, it's definitely harder to transcribe it from your phone, but it's manageable.

If you are concerned about one file having all your passwords, then break it into two files, one for high security and one for low security. The other option is to just make this one of your handful of really secure passwords that you simply need to remember to get into your "machines". Machine login(s) and then your password safe login.

I have two files, one for work and one for home, both are relatively secure passwords. To mitigate the possibility of losing everything with one file, I have a self-enforced process of syncing the password file from my computer to my flash drive every time I change my password. For work, this has bailed me out twice after changing my login password which IT requires relatively high complexity and way too frequent of changes. I didn't end up using it enough that day that I changed it and muscle memory was still on the previous password. I came in the next day and blanked. Fortunately it was easy enough to bring up KeePass on a different computer and check my password. That has helped cement my process to ensure I have it synced after a password change.

pdanes
I use a system of passwords, generated according to a fixed set of rules, that are easy to remember but impossible to guess. It's easy enough to think up such a system and adhere to it. I use one password from the system for all junk accounts that require me to log in, but where I have no data of any real value, like this one. For all others, I use unique passwords from the system and have never had any trouble using or remembering, and have never had an account hacked.

The trick is to use stuff that means something to you, but even people who know you would not be able to guess. For instance, if you're a football freak, the name of the team, combined with the jersey number and name of the quarterback, separated by plus signs, second and next-to-last letter of the team name capitalized, first and third letter of the QB's name capitalized, e.g. cOwboYs+9+RoMo.

No password guesser will ever hit something like that, nor will it be in any list of commonly used passwords, and your memory cue, which you can even safely write down is simply 'Dallas'. You adhere to the rules, which you can make as complex as you like, and the simple cue will give you the jog needed to reconstruct the password any time you need it, without actually having to remember it. It needn't be football, and isn't for me - I have very little interest in the game, but if you use something that DOES interest you, and contains such things that you remember without trying, BECAUSE it interests you, you will have an extremely safe and extremely easy to use system for creating and using secure passwords.

djackson 22568
Steve,

I have not used KeePass, but I do use Password Safe. It is a fine product, and the ability to have all my passwords in one place is helpful. I even have a version for home now!

The funny thing is seeing the look on someone's face when they complain about having too many passwords to remember (usually around 5 or so!) and I tell them that I have more than 500 passwords I have to use. Whether their mouth shuts, or opens fully, I have yet to hear another sound after telling them that.

It can be quite fun!

Dave

pdanes
djackson 22568 (6/28/2012)
I have not used KeePass, but I do use Password Safe. It is a fine product, and the ability to have all my passwords in one place is helpful. I even have a version for home now!

I'd still be leery about that. What if someone gets into your password account? All eggs in one basket...

Miles Neale
Steve,

Excellent. I will be forwarding the link and a quote from the editorial to many in the management of the company I work with as my second job. Folks do not realize the fix they can get themselves into often until it is too late. A few words of simple wisdom can save our friends and colleagues a lot of heartache, and loss.

Thank you! Very clear and concise.

M.

Not all gray hairs are Dinosaurs!

kevin77
But...getting back to the more root of the problem. What the hell was LinkedIn.com doing storing hashed passwords without a salt value!!!!!

This isn't the first time Steve has brought this topic up. Here is my response from before:

From the editorial "Should You Write Down Your Passwords?" http://www.sqlservercentral.com/Forums/FindPost1017344.aspx



SQLBill
I have a different password for everything I log into. When I give other people advice about how to have strong and easy to remember passwords, this is what I suggest.

First, use some numbers instead of letters. 1 for I, 0 for O, 3 for E, 4 for A, 5 for S, 6 for b, 9 for G. Don't use all of them, just pick one or two and use those in your passwords. So a person might pick 4 for A and 9 for G.

Second, pick two or three characters that have a meaning to you.

Third, use the above two with the site name. You can put the two or three characters anywhere.

For example: my password for SQLServerCentral.com, might be (it's not):

P9hSQLServerCentr4l

P9h = Pgh - abbreviation for the city I'm originally from.

It's easy to remember but not easy to guess; and meets all the normal requirements. 8 characters or more, one Uppercase letter, one lowercase, one number.

Following those three easy steps, you can make a different password for every site you use. And there's a very slim chance anyone else will come up with that. If the site's name is less than 8 characters (MSN.com), you can repeat the name. MSNP9hMSNP9h

-SQLBill


